FortiGate Level 1

In this course, you will learn how to use basic and advanced FortiGate features, including networking and security. In interactive labs, you will explore firewall policies, user authentication, SSL VPN, dial-up IPsec VPN, and how to protect your network using security profiles such as IPS, antivirus, web filtering, application control, and more. These administration fundamentals will provide you with a solid understanding of how to implement basic network security. Other topics include features commonly applied in a complex or larger enterprise or MSSP networks, such as advanced routing, transparent mode, redundant infrastructure, site-to-site IPsec VPN, SSO, web proxy, and diagnostics.

Formats

• Instructor-led classroom
• Instructor-led online*
• Self-paced online
  

Target audience

Networking and security professionals involved in the management, configuration, design, implementation, administration, and monitoring of FortiGate devices used to secure their organizations’ networks.

Agenda

Module 1: Introduction to FortiGate and the Security Fabric

• High-Level Features
• Setup Decisions
• Basic Administration
• Built-In Servers
• Fundamental Maintenance
• FortiGate Within the Security Fabric

Module 2: Firewall Policies

• Firewall Policies
• Configuring Firewall Policies
• Managing Firewall Policies
• Best Practices and Troubleshooting

Module 3: Network Address Translation (NAT)

• Introduction to NAT
• Firewall Policy NAT
• Central NAT
• Session Helpers
• Sessions
• Best Practices and Troubleshooting

Module 4: Firewall Authentication

• Methods of Firewall Authentication
• Remote Authentication Servers
• User Groups
• Using Firewall Policies for Authentication
• Authenticating Through Captive Portal
• Monitoring and Troubleshooting

Module 5: Logging and Monitoring

• Log Basics
• Local Logging
• Remote Logging
• Log Settings
• View, Search, and Monitor Logs
• Protecting Log Data

Module 6: Certificate Operations

• Authenticate and Secure Data Using Certificates
• Inspect Encrypted Data
• Mange Digital Certificates in FortiGate

Module 7: Web Filtering

• Inspection Modes
• Web Filtering Basics
• Additional Proxy-Based Web Filtering Features
• DNS Filtering
• Best Practices and Troubleshooting

Module 8: Application Control

• Application Control Basics
• Application Control Configuration
• Logging and Monitoring Application Control Events
• Best Practices and Troubleshooting

Module 9: Antivirus

• Antivirus Basics
• Antivirus Scanning Modes
• Antivirus Configuration
• Best Practices
• Troubleshooting

Module 10: Intrusion Prevention and Denial of Service

• Intrusion Prevention System
• Denial of Service
• Web Application Firewall
• Best Practices
• Troubleshooting

Module 11: SSL-VPN

• Describe SSL-VPN
• SSL-VPN Deployment Modes
• Configuring SSL-VPNs
• Realms and Personal Bookmarks
• Hardening SSL-VPN Access
• Monitoring and Troubleshooting

Module 12: Dialup IPsec VPN

• IPsec Introduction
• IKE Phase 1 and IKE Phase 2
• Dialup IPsec VPN
• Best Practices and VPN Logs

Module 13: Data Leak Prevention (DLP)

• DLP Overview
• DLP Filters
• DLP Fingerprinting
• DLP Archiving
• Best Practices
  

Objective

After completing these courses, you will be able to:

• Deploy the appropriate operation mode for your network.
• Use the GUI and CLI for administration.
• Identify the characteristics of the Fortinet security fabric.
• Control network access to configured networks using firewall policies.
• Apply port forwarding, source NAT, and destination NAT.
• Authenticate users using firewall policies.
• Understand encryption functions and certificates.
• Inspect SSL/TLS-secured traffic to prevent encryption used to bypass security policies.
• Configure security profiles to neutralize threats and misuse, including viruses, torrents, and inappropriate websites.
• Apply application control techniques to monitor and control network applications that might use standard or non-standard protocols and ports.
• Fight hacking and denial of service (DoS).
• Defend against data leaks by identifying files with sensitive data, and block them from leaving your private network.
• Offer an SSL VPN for secure access to your private network.
• Implement a dialup IPsec VPN tunnel between FortiGate and FortiClient.
• Collect and interpret log entries.
• Analyse a FortiGate’s route table.
• Route packets using policy-based and static routes for multi-path and load-balanced deployments.
• Configure SD-WAN to load balance traffic between multiple WAN links effectively.
• Inspect traffic transparently, forwarding as a Layer 2 device.
• Divide FortiGate into two or more virtual devices, each operating as an independent FortiGate, by configuring virtual domains (VDOMs).
• Establish an IPsec VPN tunnel between two FortiGate appliances.
• Compare policy-based to route-based IPsec VPN.
• Implement a meshed or partially redundant VPN.
• Diagnose failed IKE exchanges.
• Offer Fortinet Single Sign-On (FSSO) access to network services, integrated with Microsoft Active Directory.
• Deploy FortiGate devices as an HA cluster for fault tolerance and high performance.
• Deploy implicit and explicit proxy with firewall policies, authentication, and caching.
• Diagnose and correct common problems.

Certification:

This course is intended to help participants prepare for the NSE 4 certification exam.

Prerequisites

• Knowledge of network protocols
• Basic understanding of firewall concepts
• Knowledge of OSI layers
• Knowledge of firewalling concepts in an IPv4 network